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We claim: 

1 . A method for authenticating a user, comprising: 
obtaining an asserted identity of said user; 

5 obtaining a random subset of questions that said user has previously answered, 

wherein a correlation between said user and said previously answered questions does not violate 
one or more predefined correlation rules; and 

presenting one or more questions to said user from said random subset of 
questions until a predefined security threshold is satisfied. 

10 

2. The method of claim 1, wherein said predefined security threshold is based on a 
sum of security weights of correctly answered questions. 

3. The method of claim 1, wherein one or more of said questions are directed to an 
15 opinion of said user. 

4. The method of claim 1, wherein one or more of said questions are directed to a 
trivial fact. 

20 5. The method of claim 1, wherein one or more of said questions are directed to an 

indirect fact. 

6. The method of claim 1, further comprising the step of presenting said user with a 
larger pool of potential questions for selection of one or more questions to answer. 

25 

7. The method of claim 6, further comprising the step of ensuring that said questions 
selected by said user meet predefined criteria for topic distribution. 

8. The method of claim 6, wherein said larger pool of potential questions are 
30 selected to be attack resistant. 
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9. The method of claim 1, wherein said one or more predefined correlation rules 

ensure that answers to user selected questions cannot be qualitatively correlated with said user. 

5 10. The method of claim 1, wherein said one or more predefined correlation rules 

ensure that answers to user selected questions cannot be quantitatively correlated with said user. 

11. The method of claim 1, further comprising the step of requiring said user to have 
a second factor. 

10 

12. The method of claim 11, wherein said second factor is a required possession of a 
given device. 

13. The method of claim 11, wherein said second factor is a required personal 
15 identification number. 

14. The method of claim 11, wherein said second factor is a computer file, wallet 
card, or piece of paper on which is written the user's selected questions and corresponding 
question indices. 

20 

15. The method of claim 11, wherein said second factor is a computer file, wallet 
card, or piece of paper on which is written the user's selected questions and corresponding 
question indices. 

25 16. The method of claim 1, wherein said questions from said random subset of 

questions are presented to said user in a random order. 

17. The method of claim 1, wherein said questions are presented to said user in the 

form of an index identifying each question. 

30 
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18. The method of claim 1, wherein answers to said questions are received from said 
user in the form of an index identifying each answer. 

19. The method of claim 16, wherein said index identifying each answer can be 
5 aggregated to form a password. 

20. The method of claim 16, wherein a portion of each answer can be aggregated to 
form a password. 

10 21 . The method of claim 1 , further comprising the step of storing an indication of said 

subset of questions on a device or a wallet card or a piece of paper associated with said user. 

22. An apparatus for authenticating a user, comprising: 
a memory; and 

15 at least one processor, coupled to the memory, operative to: 

obtain an asserted identity of said user; 

obtain a random subset of questions that said user has previously answered, 
wherein a correlation between said user and said previously answered questions does not violate 
one or more predefined correlation rules; and 
20 present one or more questions to said user from said random subset of questions 

until a predefined security threshold is satisfied. 

23. The apparatus of claim 20, wherein said predefined security threshold is based on 
a sum of security weights of correctly answered questions. 

25 

24. The apparatus of claim 20, wherein one or more of said questions are directed to 
an opinion of said user. 

25. The apparatus of claim 20, wherein one or more of said questions are directed to a 
30 trivial fact. 
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26. The apparatus of claim 20, wherein one or more of said questions are directed to 

an indirect fact. 

5 27. The apparatus of claim 20, wherein said processor is further configured to ensure 

that questions selected by said user meet predefined criteria for topic distribution. 

28. The apparatus of claim 20, wherein said one or more predefined correlation rules 
ensure that answers to user selected questions cannot be qualitatively correlated with said user. 

10 

29. The apparatus of claim 20, wherein said one or more predefined correlation rules 
ensure that answers to user selected questions cannot be quantitatively correlated with said user. 

30. The apparatus of claim 20, wherein said questions from said random subset of 
15 questions are presented to said user in a random order. 

31. The apparatus of claim 20, wherein said processor is further configured to store 
an indication of said subset of questions on a device associated with said user. 

20 32. An article of manufacture for authenticating a user, comprising a machine 

readable medium containing one or more programs which when executed implement the steps 
of: 

obtaining an asserted identity of said user; 

obtaining a random subset of questions that said user has previously answered, 
25 wherein a correlation between said user and said previously answered questions does not violate 
one or more predefined correlation rules; and 

presenting one or more questions to said user from said random subset of 
questions until a predefined security threshold is satisfied. 
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